The vulnerabilities inexchange server are: 1. Outlook Web Access Script Injection Vulnerability : An information disclosure vulnerability exists in Microsoft Exchange in the way that Outlook Web Access (OWA) handles script-based attachments. An attached script could spoof content, disclose information, or take any action that the user could take within the context of the OWA session. Mitigating Factors for Outlook Web Access Script Injection Vulnerability : The vulnerability could not be exploited automatically through e-mail. For an attack to be successful an attacker must e-mail a specially crafted file to a user and convince the user to open the file within an authenticated OWA session. Microsoft Exchange Server 2007 is not affected by this vulnerability. 2. MIME Decoding Vulnerability : A remote code execution vulnerability exists in Microsoft Exchange Server because of the way that it decodes specially crafted e-mail messages. An attacker could exploit the vulnerability by sending a specially crafted e-mail to a Microsoft Exchange Server user account. An attacker who successfully exploited this vulnerability could take complete control of an affected system. 3. IMAP Literal Processing Vulnerability : A denial of service vulnerability exists in Microsoft Exchange Server because of the way that it handles invalid IMAP requests. An attacker could exploit the vulnerability by sending a specially crafted IMAP command to a Microsoft Exchange Server configured as an IMAP server. An attacker successfully exploiting this vulnerability could cause the mail service to stop responding. Microsoft has released some updates for the same: Here is a list of the updates with the corresponding software which they belong to..... Microsoft Exchange 2000 Server Service Pack 3 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004 Download the update (KB931832) Microsoft Exchange Server 2003 Service Pack 1 Download the update (KB931832) Microsoft Exchange Server 2003 Service Pack 2 Download the update (KB931832) Microsoft Exchange Server 2007 Download the update (KB935490) Maddy.....